Businesses and other entities increasingly use infrastructure-as-a-service (IaaS) vendors to provide hosted computing resources instead of purchasing and maintaining computer hardware themselves. Unfortunately, without physical control over physical hardware, security and other problems can arise. As one example, newly provisioned virtual domains are particularly vulnerable to compromise by nefarious individuals until such time as the owner of the domain is able to access the domain and configure it correctly. As another example, multiple customers may make use of the same configuration server when configuring their respective virtual domains. The configuration server is a single point of compromise that can include high value assets such as cleartext password information for the various domains it supports. A nefarious individual can extract sensitive information out of the configuration server by directly attacking it, and also by impersonating a domain and asking for its configuration information.